ORDER TO APPLY DACL

Luiz

In which order must the entries of the DACLs be placed:
first the permissions to allow and later the denied, or
the opposite? For what?

Thanks a Lot.
 
--------------------
From: "Luiz" <[email protected]>
Subject: ORDER TO APLY DACL
Date: Mon, 17 Nov 2003 11:46:27 -0800
Newsgroups: microsoft.public.win2000.security

Hi Luiz!

Remember that for _most_ cases, a Deny will override an Allow. The order
you enter these settings into the GUI does not matter. What matters is how
you configure the ACEs. The only time a Deny will not override an Allow is
if the Deny is inherited and the Allow is explicit.

The following articles are good references for ACL and file permission
behavior in general.

287024 Permission Inheritance Behavior Between Windows 2000 and Windows NT 4.0
http://support.microsoft.com/?id=287024

290403 How to Set Security in Windows XP Professional That Is Installed in a
http://support.microsoft.com/?id=290403

150101 INFO: Understanding Volume-Level Security on Windows 2000, Windows NT,
http://support.microsoft.com/?id=150101

Hope this helps!

/Siddharth
PSS Security
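
The behaviour described in the reply above, as a simplified Python model added here for illustration (it is not code from the thread or from Microsoft). It sorts ACEs into the canonical order Windows tools write (explicit deny, explicit allow, inherited deny, inherited allow) and then walks them first-match, as the access check does. The names `Ace`, `canonical_order`, `access_check` and `decide`, the `READ`/`WRITE` bits and the sample trustees are constructed; multi-level inheritance, owner rights and generic mapping are left out.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2  # constructed permission bits for this model

@dataclass(frozen=True)
class Ace:
    kind: str               # "allow" or "deny"
    sid: str                # trustee the ACE applies to
    mask: int               # permission bits covered by the ACE
    inherited: bool = False

def canonical_order(aces):
    """Explicit deny, explicit allow, inherited deny, inherited allow."""
    return sorted(aces, key=lambda a: (a.inherited, a.kind != "deny"))

def access_check(dacl, token_sids, desired):
    """Walk ACEs in stored order; the first ACE that decides a bit wins."""
    remaining = desired
    for ace in dacl:
        if ace.sid not in token_sids:
            continue
        if ace.kind == "deny":
            if ace.mask & remaining:
                return False           # a still-needed bit is denied
        else:
            remaining &= ~ace.mask     # these bits are now granted
            if remaining == 0:
                return True
    return False                       # bits never granted: implicit deny

def decide(aces, token_sids, desired):
    """What a tool that stores ACEs canonically would produce."""
    return access_check(canonical_order(aces), token_sids, desired)

# Constructed sample data
TOKEN = {"alice", "Users"}
explicit_allow = Ace("allow", "alice", READ | WRITE)
explicit_deny = Ace("deny", "Users", WRITE)
inherited_deny = Ace("deny", "Users", WRITE, inherited=True)

if __name__ == "__main__":
    # Entry order is irrelevant once the ACEs are sorted canonically.
    print(decide([explicit_allow, explicit_deny], TOKEN, WRITE))
    print(decide([explicit_deny, explicit_allow], TOKEN, WRITE))
    # Explicit allow is reached before the inherited deny.
    print(decide([inherited_deny, explicit_allow], TOKEN, WRITE))
    # A DACL stored out of canonical order is evaluated as stored.
    print(access_check([explicit_allow, explicit_deny], TOKEN, WRITE))
```

The last call shows why a DACL written programmatically in non-canonical order is worth flagging in an audit: the evaluator honours stored order, so an allow placed ahead of a deny takes effect.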